Almost four months to the day that the Court of Justice of the EU issued its decision in the Max Schrems “Facebook” Case, which ruled the US “Safe Harbor” scheme (relating to transatlantic data transfer) invalid, the EU Commissioner for Justice, Věra Jourová, has this week announced that there is now political agreement on the future of such data transfer and this will be known as “the EU-US Privacy Shield”.

The text of the Privacy Shield has not been made available yet but it is expected before the end of this financial year.

“Strong obligations on companies handling Europeans' personal data and robust enforcement” – companies within the US seeking to import relevant data from the EU will need to commit to “robust [processing] obligations”. The US Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission;

“Clear safeguards and transparency obligations on U.S. government access” – the US has provided the EU with written assurances that the access to personal data of public authorities shall be “subject to clear limitations, safeguards and oversight mechanisms”. There will be a proportionality test upon these exceptions – i.e. only to the extent required in the circumstances. There will be a joint review undertaken annually conducted by the Commission and the U.S. Department of Commerce; and

“Effective protection of EU citizens' rights with several redress possibilities” – EU citizens considering their data may have been misused will have “several redress possibilities”. European data protection authorities may refer complaints to the Department of Commerce and the Federal Trade Commission. Alternative Dispute resolution will be free of charge and a new Ombusdsman will be put into place relating to “complaints on possible access by national intelligence authorities”.